stacker.news/lib/url.js

export function ensureProtocol (value) {
  if (!value) return value
  value = value.trim()
  if (!/^([a-z0-9]+:\/\/|mailto:)/.test(value)) {
    value = 'http://' + value
  }
  return value
}

export function isExternal (url) {
  return !url.startsWith(process.env.PUBLIC_URL + '/') && !url.startsWith('/')
}

export function removeTracking (value) {
  if (!value) return value
  const exprs = [
    // twitter URLs
    /^(?<url>https?:\/\/(?:twitter|x)\.com\/(?:#!\/)?(?<user>\w+)\/status(?:es)?\/(?<id>\d+))/
  ]
  for (const expr of exprs) {
    value = expr.exec(value)?.groups.url ?? value
  }
  return value
}

/**
 * parse links like https://stacker.news/items/123456 as #123456
 */
export function parseInternalLinks (href) {
  const url = new URL(href)
  const { pathname, searchParams } = url
  // ignore empty parts which exist due to pathname starting with '/'
  const emptyPart = part => !!part
  const parts = pathname.split('/').filter(emptyPart)
  if (parts[0] === 'items' && /^[0-9]+$/.test(parts[1])) {
    const itemId = parts[1]
    // check for valid item page due to referral links like /items/123456/r/ekzyis
    const itemPages = ['edit', 'ots', 'related']
    const itemPage = itemPages.includes(parts[2]) ? parts[2] : null
    if (itemPage) {
      // parse   https://stacker.news/items/1/related?commentId=2
      // as      #1/related
      // and not #2
      // since commentId will be ignored anyway
      const linkText = `#${itemId}/${itemPage}`
      return linkText
    }
    const commentId = searchParams.get('commentId')
    const linkText = `#${commentId || itemId}`
    return linkText
  }
}

export function stripTrailingSlash (uri) {
  return uri.endsWith('/') ? uri.slice(0, -1) : uri
}

export function parseNwcUrl (walletConnectUrl) {
  if (!walletConnectUrl) return {}

  walletConnectUrl = walletConnectUrl
    .replace('nostrwalletconnect://', 'http://')
    .replace('nostr+walletconnect://', 'http://') // makes it possible to parse with URL in the different environments (browser/node/...)

  // XXX There is a bug in parsing since we use the URL constructor for parsing:
  // A wallet pubkey matching /^[0-9a-fA-F]{64}$/ might not be a valid hostname.
  // Example: 11111111111 (10 1's) is a valid hostname (gets parsed as IPv4) but 111111111111 (11 1's) is not.
  // See https://stackoverflow.com/questions/56804936/how-does-only-numbers-in-url-resolve-to-a-domain
  // However, this seems to only get triggered if a wallet pubkey only contains digits so this is pretty improbable.
  const url = new URL(walletConnectUrl)
  const params = {}
  params.walletPubkey = url.host
  const secret = url.searchParams.get('secret')
  const relayUrl = url.searchParams.get('relay')
  if (secret) {
    params.secret = secret
  }
  if (relayUrl) {
    params.relayUrl = relayUrl
  }
  return params
}

// eslint-disable-next-line
export const URL_REGEXP = /^((https?|ftp):\/\/)?(www.)?(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?)(:\d*)?)(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)?(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/i

// eslint-disable-next-line
export const WS_REGEXP = /^(wss?:\/\/)([0-9]{1,3}(?:\.[0-9]{1,3}){3}|(?=[^\/]{1,254}(?![^\/]))(?:(?=[a-zA-Z0-9-]{1,63}\.)(?:xn--+)?[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*\.)+[a-zA-Z]{2,63})(:([0-9]{1,5}))?(\/[^\s`@#$^&=.?"{}\\]+\/?)*([^\s`@#$^&=?"{}\/\\]+)?(\?[^\s`#$^"{}\\]+)*$/

export const IMGPROXY_URL_REGEXP = new RegExp(`^${process.env.NEXT_PUBLIC_IMGPROXY_URL}.*$`)
// this regex is not a bullet proof way of checking if a url points to an image. to be sure, fetch the url and check the mimetype
export const IMG_URL_REGEXP = /^(https?:\/\/.*\.(?:png|jpg|jpeg|gif))$/
be more permissible with links and nofollow when low sats 2021-05-20 19:11:58 +00:00			`export function ensureProtocol (value) {`
make item creation easier 2023-08-24 00:06:26 +00:00			`if (!value) return value`
Fix ensureProtocol not trimming whitespace 2023-05-20 00:50:56 +00:00			`value = value.trim()`
force unique user name 2021-05-21 19:34:40 +00:00			`if (!/^([a-z0-9]+:\/\/\|mailto:)/.test(value)) {`
be more permissible with links and nofollow when low sats 2021-05-20 19:11:58 +00:00			`value = 'http://' + value`
			`}`
			`return value`
			`}`
Remove tracking from twitter URLs 2022-11-15 23:51:00 +00:00
slight mods to open redirect fix 2023-05-07 13:33:51 +00:00			`export function isExternal (url) {`
prevent external subdomain redirect 2023-05-07 15:02:23 +00:00			`return !url.startsWith(process.env.PUBLIC_URL + '/') && !url.startsWith('/')`
slight mods to open redirect fix 2023-05-07 13:33:51 +00:00			`}`

Remove tracking from twitter URLs 2022-11-15 23:51:00 +00:00			`export function removeTracking (value) {`
make item creation easier 2023-08-24 00:06:26 +00:00			`if (!value) return value`
Remove tracking from twitter URLs 2022-11-15 23:51:00 +00:00			`const exprs = [`
			`// twitter URLs`
Update twitter url regexs to match x.com or twitter.com (#454) Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com> 2023-08-31 01:13:43 +00:00			`/^(?<url>https?:\/\/(?:twitter\|x)\.com\/(?:#!\/)?(?<user>\w+)\/status(?:es)?\/(?<id>\d+))/`
Remove tracking from twitter URLs 2022-11-15 23:51:00 +00:00			`]`
			`for (const expr of exprs) {`
recognize all youtube links 2023-01-11 20:58:52 +00:00			`value = expr.exec(value)?.groups.url ?? value`
Remove tracking from twitter URLs 2022-11-15 23:51:00 +00:00			`}`
			`return value`
			`}`
Merge branch 'master' into 190-strip-tracking-info 2023-01-11 18:17:25 +00:00
Add tests for internal linking (#808) * Add tests for internal linking * Add workflow for unit tests * Use jest 2024-02-17 21:53:36 +00:00			`/**`
			`* parse links like https://stacker.news/items/123456 as #123456`
			`*/`
			`export function parseInternalLinks (href) {`
			`const url = new URL(href)`
			`const { pathname, searchParams } = url`
			`// ignore empty parts which exist due to pathname starting with '/'`
			`const emptyPart = part => !!part`
			`const parts = pathname.split('/').filter(emptyPart)`
			`if (parts[0] === 'items' && /^[0-9]+$/.test(parts[1])) {`
			`const itemId = parts[1]`
			`// check for valid item page due to referral links like /items/123456/r/ekzyis`
			`const itemPages = ['edit', 'ots', 'related']`
			`const itemPage = itemPages.includes(parts[2]) ? parts[2] : null`
			`if (itemPage) {`
			`// parse https://stacker.news/items/1/related?commentId=2`
			`// as #1/related`
			`// and not #2`
			`// since commentId will be ignored anyway`
			const linkText = `#${itemId}/${itemPage}`
			`return linkText`
			`}`
			`const commentId = searchParams.get('commentId')`
			const linkText = `#${commentId \|\| itemId}`
			`return linkText`
			`}`
			`}`

fix lint errors 2024-02-02 21:06:33 +00:00			`export function stripTrailingSlash (uri) {`
add stripTrailingSlash utility function 2024-02-02 20:44:37 +00:00			`return uri.endsWith('/') ? uri.slice(0, -1) : uri`
			`}`

Validate pubkey, relay URL and secret of NWC URL (#810) * Validate pubkey, relay URL and secret of NWC URL * Fix NWC secret regexp * Use sequential validation in Yup schema * Add note about possible mismatch between hostnames and pubkeys * Remove unused param 2024-02-14 21:09:13 +00:00			`export function parseNwcUrl (walletConnectUrl) {`
			`if (!walletConnectUrl) return {}`

			`walletConnectUrl = walletConnectUrl`
			`.replace('nostrwalletconnect://', 'http://')`
			`.replace('nostr+walletconnect://', 'http://') // makes it possible to parse with URL in the different environments (browser/node/...)`

			`// XXX There is a bug in parsing since we use the URL constructor for parsing:`
			`// A wallet pubkey matching /^[0-9a-fA-F]{64}$/ might not be a valid hostname.`
			`// Example: 11111111111 (10 1's) is a valid hostname (gets parsed as IPv4) but 111111111111 (11 1's) is not.`
			`// See https://stackoverflow.com/questions/56804936/how-does-only-numbers-in-url-resolve-to-a-domain`
			`// However, this seems to only get triggered if a wallet pubkey only contains digits so this is pretty improbable.`
			`const url = new URL(walletConnectUrl)`
			`const params = {}`
			`params.walletPubkey = url.host`
			`const secret = url.searchParams.get('secret')`
			`const relayUrl = url.searchParams.get('relay')`
			`if (secret) {`
			`params.secret = secret`
			`}`
			`if (relayUrl) {`
			`params.relayUrl = relayUrl`
			`}`
			`return params`
			`}`

lexical beta test url 2023-01-05 19:24:09 +00:00			`// eslint-disable-next-line`
allow nip05 for users 2023-01-07 00:53:09 +00:00			export const URL_REGEXP = /^((https?\|ftp):\/\/)?(www.)?(((([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(%[\da-f]{2})\|[!\$&'\(\)\\+,;=]\|:)@)?(((\d\|[1-9]\d\|1\d\d\|2[0-4]\d\|25[0-5])\.(\d\|[1-9]\d\|1\d\d\|2[0-4]\d\|25[0-5])\.(\d\|[1-9]\d\|1\d\d\|2[0-4]\d\|25[0-5])\.(\d\|[1-9]\d\|1\d\d\|2[0-4]\d\|25[0-5]))\|((([a-z]\|\d\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(([a-z]\|\d\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]\|\d\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(([a-z]\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?)(:\d)?)(\/((([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(%[\da-f]{2})\|[!\$&'\(\)\\+,;=]\|:\|@)+(\/(([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(%[\da-f]{2})\|[!\$&'\(\)\\+,;=]\|:\|@)))?)?(\?((([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(%[\da-f]{2})\|[!\$&'\(\)\\+,;=]\|:\|@)\|[\uE000-\uF8FF]\|\/\|\?))?(\#((([a-z]\|\d\|-\|\.\|_\|~\|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])\|(%[\da-f]{2})\|[!\$&'\(\)\\+,;=]\|:\|@)\|\/\|\?)*)?$/i

			`// eslint-disable-next-line`
allow websocket urls to have paths 2023-12-07 22:21:13 +00:00			export const WS_REGEXP = /^(wss?:\/\/)([0-9]{1,3}(?:\.[0-9]{1,3}){3}\|(?=[^\/]{1,254}(?![^\/]))(?:(?=[a-zA-Z0-9-]{1,63}\.)(?:xn--+)?[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)\.)+[a-zA-Z]{2,63})(:([0-9]{1,5}))?(\/[^\s`@#$^&=.?"{}\\]+\/?)([^\s`@#$^&=?"{}\/\\]+)?(\?[^\s`#$^"{}\\]+)*$/
Render images without markdown and use image proxy (#245) * Parse image links during markdown rendering * Use imgproxy to replace links * Add healthcheck See https://docs.imgproxy.net/healthcheck * Enable WebP and animation support * Only replace image URLs * Replace all occurrences * Fix creating posts with no text * Embed image on link posts where link is image --------- Co-authored-by: ekzyis <ek@stacker.news> 2023-07-13 00:10:01 +00:00
			export const IMGPROXY_URL_REGEXP = new RegExp(`^${process.env.NEXT_PUBLIC_IMGPROXY_URL}.*$`)
			`// this regex is not a bullet proof way of checking if a url points to an image. to be sure, fetch the url and check the mimetype`
			`export const IMG_URL_REGEXP = /^(https?:\/\/.*\.(?:png\|jpg\|jpeg\|gif))$/`